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Anifindments to the Claims: 

TOs listing of claims will replace all prior versions, and listings, of claims in the appUcation: 
1) (Curtenfly Amended) A method of managing risk with the aid of a computer 

system, said method comprising: 

a. reeeivine a us«se lgctios .idcntif i iTig a set of risk elements, 

said risk elements being ^s^SiMSL^^^^ » ^^^'^ '^<>"P'«<^ *° 
said computer; 

b. for eadLftHeas^ risk element, He^ms ^he. computer rgtrieyjng one 
or more pt^etemrined c ontrol procedures jhe control proceduied 
iJ^r;fi,^h Y«„»dn,inistratora 5 a means for mitigating said risk element 

r^A,^iuf , tbe likelih -^ th^ Hsk will occur; 

c. the computer associating said one or more predetermins lcontrol 
procedures with said risk element, said E!ste2!SSd control procedures 
being stored in said database; 

d. p"t^'- 1-^trieving a weight assigning a weight asagped to each ons 

otsaid pt^determined control procedures sai(1 wqph^ t)ein^ stored in 
said database; 

e. ti,^ ^rrrr ^^ier r«r.eivine a user. sdgct imii^eteHaia^ a compliance 
rating for each said pTf-dBtermined control procedure^MlMinEselected 
Ky fh. in ^i^-ating a le v el of comolianrB with each one of said 
predetermined cMirra\ procedures : and 

f. %. computer calculating a compliance score, said compliance score 
being a function of said assigned weights and said compliance rating of 
said pr ^termined c ontrol procedures. 

2) (Currently Ajnended) The method of claim 1, wherein said compliance ratings 
comprise at least one rating identifying a non-fully compliant conirol procedure, said method 

furlher conqmsing the steps of; 

a. for each said control procedure having a non-fully compliant rating, M 
computer r eceiving a ..^^^ venerated s ignal indicating whether said non- 
fiilly con^)liant rating is accepted or not accepted; and 

b. for each said non-fiilly compliant control procedure which is indicated as 
not accepted, re ^»irmsr the us' '- ^" J^r,,^nAe signals for generating an 
action plan. 
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3) (Currently Amended) The method of clain) 2 wherein said action plan include 
a target date, said method further comprising the step ofthe computer calculating an expected 
compliance score for one or more future dates based on said action plan target dates. 

4) (Cuircntly Amended) The method of claim 3 further comprising the step of die 
cgnpiteLtracldng whether said expected compliance scores have been met, said tracking 
including calculating actual compliance scores for said target dates. 

5) (Currently Amended) The method of claim 4 further comprising the step of 
the computer displaying said expected compliance scores versus said actual compliance for said 
target dates. 

6) (Currently Amended) The method of claim 1 further comprising the step of the 
computer associating one or more parameters with each said compliance rating. 

7) (Original) The method of claim 6 wherein said one or more parameters are 
selected from the group comprising organization, business line, process, and region. 

8) (Currently Amended) The method of claim 6 further comprising the step of Sue 
computer sorting said compliance scores by said one or more parameters. 

9) (Cuncntly Amended) The method of claim 8 further comprising the step of the 
computer d isplaying said sorted conq>liance scores. 

10) (CuTTOTtly Amended) A method of managing risk with the aid of a computer 
system, said method comprising: 

a. the computer leceiving a user selection j dcntifi^tng a s e t of risk elements, 
said risk elements being retrieved from 5 tefed4ft a database coupled to 
said computer; 

b- the computer i dentifying one or more subrisk elements associated with 
each said risk element, each said subrisk element being retrieved from 
stor e d in s aid database; 

c. for at least one subrisk element, i dc?ntifyingi h e . computer retrievins one 
rtr more predetermined control procedures, the control procedured 
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identified bv an administrator as a means for mitigating said risk element 
by reducing the likelihood that the risk will occur; 
d. the computer associating said one or more control procedures with said 
risk element, said control procedures being stored in said database; 

d. the computer letrieving a weight a s signing a woight assignedj o each one 
of said predetermined control prfiredures. said weight being stored in 
said database : 

e, the computer receiving a user selection of d etegpatemg a compliance 
rating for each said predetermined control procedure, said compliance 
ratings including a plurality of categories including at least one category 
indicating said control procedure is not fully compliant; 

f the computer c alculating a compliance score, said compliance score 

being a function of said assigned weights and said compliance rating of 
said control procedures; 

g. for each said subrisk, the computer determining whether at least one 
control procedure associated with said subrisk is not fully compliant; 

h. for each said subrisk associated with at least one control procedure which 
is not fully compliant, the computer r eceiving a signal from the user 
indicating whether said subrisk should be accepted or not accepted; and 

i. for each said subrisk which is indicated as not accepted, the computer 
generating an action plan. 

1 1) (Currently Amended) The method of claim 1 0 wherein said action plan further 
includes a target date, said method further comprising the step of the computer 
calculating a future compliance score based on said action plan target dates. 

12) (Currently Amended) The method of claim 10 further comprising the step of the 
computer. associating one or more parameters with each said compliance rating. 

1 3) (Currently Amended) The method of claim 1 2 further comprising the step of the 
computer sorting said conq)liance ratings and displaying said sorted ratings. 

14) (Currently Amended) A method of forecasting risk with the aid of a computer 
system, said method comprising: 

a, the computer identifying a set of risk elements, said risk elements being 
stored in a database coupled to said computer; 

b. for at least one risk element, identifyin g the computer retrieving one or 
more predetermined_ contrQl procedures , the control procedured identified 
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by an administrator as a means for mitigating said risk element^ 
reducing the likelihood that the risk will occur ; 

c. the cotnputer, associating said one or more control procedures with said 
risk element, said control procedures being stored in said database; 

d. the computer retrieving a weight asoigning a w e ight assigned to each one 
of said predetermined control procedure s, said weight being stored in 
said database : 

e. the computer receiving a user selection of d e t e rmining a compliance 
ratiixg for each said predetermined control procedure, said compliance 
ratings chosen from a set of ratings including at least one rating 
identifying a non-fully compliant control procedure and at least one 
rating identifying fiilly compliant control procedures; 

f. for each said control procedure having a non-fully compliant rating, flie 
user emDlovinp the computer to generate g onoratinc an action plan» said 
action plan including a target date for at least one action listed therein; 
and 

g. the computer calculating an expected compliance score for a future date, 
said expected compliance score being a function of said assigned 
weights, said fully compliant control procedures, and said action plan 

. target dates for said non-fiilly compliant control procedures. 

1 5) (Original) The method of claim 14 wherein said action plan comprises a signal 
indicating whether said non-fully compliant rating is accepted or not accepted, said expected 
compliance score further being a function of said non-fiilly compliant ratings which have been 
accepted. 

16) (Currently Amended) A data processing system for managing risk, said system 
comprising: 

a. a database; 

b. a processor coupled to said database, said processor being programmed 
to perform the steps comprising: 

i. the computer receiving a first signal identifying a user selection of a set 
of risk elements, said risk elements being stored in said database; 

ii. the computer receiving r eceive a second signal identifying a user 
selection of one or more control procedures associated with each said 
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risk element, said control procedure comprising a means to mitigate said 
risk element, said control procedures being stored in said database; 

iii. the computer receiving F eeeive a third signal assigning a weight to each 
said control procedure, said weight being stored said database; 

iv. the computer receiving y ee^ a fourth sipnal identifying a user selection 

compliance rating for each said control procedure; and 
V. the computer calculating eakttkte a compliance score, said compliance 
score being a function of said assigned weights and said compliance 
rating of said control procedures. 

17) (Currently Amended) The data processing system of claim 16, wherein said 
coici^liance ratings comprise at least one rating identifying a non-fiilly compliant control 
procedure, said processor being further programmed to perform the steps comprising: 

a. for each said control procedure having a non-fully compliant rating, the 
computer r eceiving a signal indicating whether said noii-fully compliant 
rating is accepted or not accepted; 

b. for each said non-fully compliant control procedure which is indicated as 
not accepted, the computer receiving an action plan, said action plan 
including an expected target date for implementation and an expected 
compliance rating; and 

c. the computer g enerating one or more future expected compliance scores, 
said compliance scores being a function of said target dates, said 
assigned weights and said expected compliance rating of said control 
procedures, 

18) (Original) The data processing system of claim 16 further comprising a 
computer display coupled to said processor, said processor further being programmed to display 
said compliance scores on said computer display. 
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